Concentrator Lan-to-Lan VPN Using Certificates

Unanswered Question
Nov 5th, 2008


I need to set-up a lan-to-lan VPN with a Concentrator, with a 5520 ASA at the remote end. Instead of using a pre-shared key like we normally would, we have been asked by the remote end to get a certificate from Verisign.

I have researched the process for this but am still not entirely clear. As I understand, we will need to install a (free) root certificate on the concentrator, then;

1. Generate an identity certificate enroll request (PKCS10?)

2. Make a copy of the request text then send this to Verisign to complete the identity certifcate enrollment process (PKCS #7?)

Could anyone confirm - is this the correct procedure?

Also, Verisign themselves say that we need an SSL certificate for this which I believe is wrong? I thought it was just a digital identity certificate.

Thanks in advance.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
andrew.bagley Thu, 11/06/2008 - 06:59

Further to this, I have a list of root certs I downloaded from Verisign. Can I install all these (as I dont know which one is needed) - will it cause any problems on the concentrator?


andrew.bagley Tue, 11/11/2008 - 08:04


Still unsure on this - would be very grateful if anyone could be of help?



This Discussion